Tweak user services

.sops.yaml

@@ -3,7 +3,7 @@ keys:
   - &nathan age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2
   - &levitation age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw
 creation_rules:
-  - path_regex: secrets/[^/]+\.yaml$
+  - path_regex: .*
     key_groups:
       - age:
           - *nathan

applications/media.nix

@@ -15,6 +15,88 @@ let
         --prefix PYTHONPATH : $out/${pkgs.mopidyPackages.python.sitePackages}
     '';
   };
+  mopidyConf = pkgs.writeText "mopidy.conf"
+    ''
+      [core]
+      #cache_dir = $XDG_CACHE_DIR/mopidy
+      #config_dir = $XDG_CONFIG_DIR/mopidy
+      #data_dir = $XDG_DATA_DIR/mopidy
+      #max_tracklist_length = 10000
+      #restore_state = false
+
+      [logging]
+      #verbosity = 0
+      #format = %(levelname)-8s %(asctime)s [%(process)d:%(threadName)s] %(name)s\n  %(message)s
+      #color = true
+      #config_file =
+
+      [audio]
+      #mixer = software
+      #mixer_volume = 
+      #output = autoaudiosink
+      #buffer_time = 
+
+      [proxy]
+      #scheme = 
+      #hostname = 
+      #port = 
+      #username = 
+      #password = 
+
+      [file]
+      enabled = true
+      media_dirs =
+       ~/Music
+      #  $XDG_MUSIC_DIR|Music
+      #excluded_file_extensions = 
+      #  .directory
+      #  .html
+      #  .jpeg
+      #  .jpg
+      #  .log
+      #  .nfo
+      #  .pdf
+      #  .png
+      #  .txt
+      #  .zip
+      #show_dotfiles = false
+      #follow_symlinks = false
+      #metadata_timeout = 1000
+
+      [http]
+      #enabled = true
+      #hostname = 127.0.0.1
+      #port = 6680
+      #zeroconf = Mopidy HTTP server on $hostname
+      #allowed_origins = 
+      #csrf_protection = true
+      #default_app = mopidy
+
+      [m3u]
+      #enabled = true
+      #base_dir = $XDG_MUSIC_DIR
+      #default_encoding = latin-1
+      #default_extension = .m3u8
+      #playlists_dir =
+
+      [softwaremixer]
+      #enabled = true
+
+      [stream]
+      #enabled = true
+      #protocols = 
+      #  http
+      #  https
+      #  mms
+      #  rtmp
+      #  rtmps
+      #  rtsp
+      #metadata_blacklist = 
+      #timeout = 5000
+
+      [mpd]
+      enabled = true
+    '';
 in
 {
   environment.systemPackages = with pkgs; [
@@ -37,6 +119,8 @@ in
   # Mount music directory
   systemd.user.services.rclone-music = {
     description = "Rclone mount ~/Music";
+    wantedBy = [ "graphical-session.target" ];
+    partOf = [ "graphical-session.target" ];
     serviceConfig = {
       # So we can pick up the fusermount wrapper, this is a less than ideal way to do this
       Environment = "PATH=/usr/bin:/run/wrappers/bin/";
@@ -49,8 +133,10 @@ in
   # Start mopidy as a user service, for sanity
   systemd.user.services.mopidy = {
     description = "Mopidy music server";
+    wantedBy = [ "graphical-session.target" ];
+    partOf = [ "graphical-session.target" ];
     serviceConfig = {
-      ExecStart = "${mopidyEnv}/bin/mopidy";
+      ExecStart = "${mopidyEnv}/bin/mopidy --config ${lib.concatStringsSep ":" [mopidyConf config.sops.secrets.lastfm-conf.path]}";
     };
     wants = [ "rclone-music.service" ];
     enable = true;

flake.nix

@@ -43,8 +43,11 @@
         ({ pkgs, config, ... }: {
           sops.defaultSopsFile = ./secrets/nathan.yaml;
           sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
-          sops.secrets.lastfm-username.owner = "nathan";
-          sops.secrets.lastfm-password.owner = "nathan";
+          sops.secrets.lastfm-conf = {
+            owner = "nathan";
+            format = "binary";
+            sopsFile = ./secrets/lastfm.conf;
+          };
         })
       ];
       desktopModules = coreModules ++ [

secrets/lastfm.conf

@@ -0,0 +1,24 @@
+{
+	"data": "ENC[AES256_GCM,data:npExHcbdV1BI5Iwu/bFhYazAnILtUv4CyOcXbmgTzE9kptRXBnVZp8MsU011sVTd2b3KN5cOHIHK453z1olru0TIgsU4ahi/,iv:ZHV/53GY9ItxfnelAz77+FPp7skXpZIEoGRTqaP3rr8=,tag:DF+n3HPa/cbChQVl8SV7dw==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": [
+			{
+				"recipient": "age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNU05pMHIveUxHQWlOc1BE\nWUJmcEhLemlZR1BmZjExcnQ2am1oSWdlclMwClc5TVcvWG0rZlFHVk5adzVKSWRR\nelJQb2ZTUFlnVVYxNUp0bkhrNTJ0WUkKLS0tIEJDMDk2ZjhadEVlTXZySnNpdU1Y\ncmJqb002VnpBT2RCdG01OU1CU3Byc0EKz7w9mFgzDtYsyAvmv1NyJ4czElOrhiAi\n+LI02dBEDoPASFCG8CwFSFMFmkI4soGmVOROTFAamMQoMb3ZKb2UAw==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBObzlvb3FBTjJPQm4ycDBS\nNkg5RVIxTy9QWEtGY05KbDhmTnZYUmFpU1NFCmNPR2pUY213T0NJTkJiQW5CZmxn\nRHFwZFRzcVNncWRhZDVIR0VKL0pmZTQKLS0tIDhLZXdhOGQ0UnNiNlhkRzU4RWpE\neXRaMGs0WGNCNjBBN2tPWmZDZGs0czQKyzhFBjqFoyCkhOXFK6n18wsfAk8hMT3/\nbJ7Jx+MJx51ML1U8PahCbMeC1Vj2lPg/NT7QJUeP4mlqZIrYds9tLw==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2022-02-03T12:21:33Z",
+		"mac": "ENC[AES256_GCM,data:dvNRR+3Aug/h9LbTdqS+Mqd7exsnSAwBM70UoHyLWjCqkmSN7JUMagam4Dw9j8lRKy5liau/EQY/Ml4MsKEKv4X7ENlTyEK2b3aKkeBOP8ytalsQmEawpJ7MGvS0Zyt9R7M1X6eUNyK7LWOhFXJqaHBkJXqHWCMdyUVfA+OThog=,iv:qrR3TyiZNS49NcpmDD7BBPK3w5m1kgLSgwj//h8qvME=,tag:HeV9D9lz5xuSn7JZiKpurw==,type:str]",
+		"pgp": null,
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.7.1"
+	}
+}